AQuA News -June 2017


After an outwardly quiet few months, AQuA was back in exhibition mode at the London Apps World Evolution show last week.

 Our Executive Director, Martin Wrigley, was chairing keynote sessions, developer streams and speaking at the event.  The AQuA stand was busy throughout with Greg and Ruth and Martin talking to visitors who wanted to know more about AQuA’s testing criteria and best practice guidelines, and our new Security Testing Criteria in particular.

 What was very noticeable was the number of people who read our Top Ten errors poster and started agreeing as they ticked off the issues they had seen themselves.  This list is remarkable in its consistency, and every-time we update them we find they have barely changed.  You can read more at:

 Our next event will be speaking at the Next Generation Testing Conference in London on 6th July – if you’d like to attend, you can get a 20% discount and book using code NGTSPK at Next Generation Testing Conference: Assuring Quality in the Digital Age

 AQuA Security Testing Criteria

Our latest project at AQuA has been developing a set of App Security Testing Criteria.  This is based largely on the excellent (but very specialised) work from OWASP (the Open Web Application Security Project), an open source organisation of some 2,000 security professionals across the globe.  For more details see:

 AQuA aims to bring an accessible and pragmatic set of testing criteria to developers and testers who face a steep learning curve when considering how to introduce security testing to their processes. These testing criteria can be used to check that they haven’t fallen into the top security errors and that they have taken reasonable precautions in app security.

 After quite some considerable work from the AQuA technical team, the Security Testing Criteria are just about to start the review phase.  This is where we gather input from our paying members and ensure that the Testing Criteria make sense, that they are pragmatic and useful and that we haven’t missed out anything obvious.

 AQuA has developed a set of straightforward tests, and an accompanying description of tools and techniques to run those steps.  Security testing is, by its nature, more complex and technical than some other forms of testing.  However AQuA is aiming to produce criteria that most testers or developers can use. 

 AQuA believes that testing criteria should be pragmatic and usable, and not require the user to be an expert.  This is in-line with the existing AQuA testing criteria that can be picked up, used and even integrated into your own testing plan.

 The Testing Criteria will then be discussed at the annual AQuA round table.  This is a members and invited guests only event held under the Chatham House Rule providing an open and trustable conversation between practitioners.  It can be used as a means of benchmarking your testing and development practice against the best in the world.  To request your place at the 2017 event in London on Thursday October 12th click here.